Security quotes of the week

I'm there in spirit, though. The title of the hearing is "TSA Oversight Part III: Effective Security or Security Theater?"

ICANN will not be fixed. It cannot be fixed. It is structurally constituted in a manner that cannot reasonably serve the broad interests of today's global Internet community and the world community at large.

Year after year we've watched ICANN suddenly shift and sway like the proverbial bull in the china shop, smashing past promises and pronouncements in its wake. And now, like an out of control starship that has lurched beyond a black hole's event horizon, it is being sucked inexorably toward a dark chaos of greed, a maelstrom of its own creation.

My guess is that they can't. That is, they don't have a cryptanalytic attack against the AES algorithm that allows them to recover a key from known or chosen ciphertext with a reasonable time and memory complexity. I believe that what the "top official" was referring to is attacks that focus on the implementation and bypass the encryption algorithm: side-channel attacks, attacks against the key generation systems (either exploiting bad random number generators or sloppy password creation habits), attacks that target the endpoints of the communication system and not the wire, attacks that exploit key leakage, attacks against buggy implementations of the algorithm, and so on. These attacks are likely to be much more effective against computer encryption.